TOPICS:

EVENT ANGLE:

Premium Research

You can't buy a hybrid cloud as a product nor as a service, and even if you could you would need to customise it for your unique requirements and constraints. The reality today is you need to buy the ingredients from a supplier then roll your own hybrid cloud and to manage this you need to put in place a Hybrid Cloud Manifesto.

The SPC-2 benchmark is a useful benchmark for bandwidth intensive sequential workloads, such as backup, ETL (extraction, translate, load) and large-scale analytics. Wikibon does a deep comparative analysis of the SPC-2 results, time-adjusting the pricing information to correct for different publication dates. Wikibon then analyses performance and price-performance together, and develops a guide to enable practitioners to understand the business options and best strategic fit. Wikibon concludes the Oracle ZS4-4 storage appliance dominates this high-bandwidth processing as of the best combination of good performance and great price performance at the high-end and mid-range of this market.

The thesis of the overall Wikibon research in this area is that within 2 years, the majority of IT installations will be moving to combine workloads together to share data using NAND flash as the only active storage media. This will save on IT budget and improve IT productivity, especially in the IT development function. Our research shows that these changes have the potential to reduce the typical IT budget by 34% over a five year period while delivering the same functionality to the business. The projected IT savings of moving to a shared-data all-flash datacenter for an organization with a $40M IT budget are $38M over 5 years, with an IRR of 246%, an annual ROI of 542%, and a breakeven of 13 months. Future research will look at the potential to maximize the contribution of IT to the business, and will conclude that IT budgets should increase to deliver historic improvements in internal productivity and increased business potential.

The Public Cloud market is still forming – but seems to be poised to soon enter the Early Majority stage of its development where user behavior, preferences, and strategies become more stable. Large enterprises are more discerning of Public Cloud IaaS offerings. Test and development appears to be a key entry point for them since scale, operational complexity, and security/compliance/regulatory demands require a more nuanced approach to Public Cloud for IaaS. Small and Medium enterprises have the greatest need for Public Cloud and should consider well-established, lower risk entry points to Public Cloud like SaaS, Email, and Web Applications before venturing into Mission Critical and IaaS workloads to help them navigate an increasingly complex and costly IT infrastructure environment.

So, when privacy concerns crop up at odds with the expectations of those customers things can get a little dicey. Earlier this month, DropBox came under fire because of statements made on their website about how employees were unable to access stored information (due to it being encrypted on their servers) a statement later shown to be untrue as employees had access to the encryption keys meaning the data was in fact not safe from them.

The FTC complaint charges Dropbox (.pdf) with telling users that their files were totally encrypted and even Dropbox employees could not see the contents of the file. Ph.D. student Christopher Soghoian published data last month showing that Dropbox could indeed see the contents of files, putting users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits.

Soghoian, who spent a year working at the FTC, charges that Dropbox “has and continues to make deceptive statements to consumers regarding the extent to which it protects and encrypts therir data,” which amounts to a deceptive trade practice that can be investigated by the FTC.

Dropbox dismissed Soghoian’s allegations.

“We believe this complaint is without merit, and raises old issues that were addressed in our blog post on April 21, 2011,” company spokeswoman Julie Supan said in a short e-mail to Wired.com. “Millions of people depend on our service every day and we work hard to keep their data safe, secure, and private.”

Personal disclaimer: I use DropBox in my personal life and I enjoy it thoroughly. I didn’t gravitate towards the application because they offered extraordinary security above and beyond other software; but because it does its job efficiently, with little fuss, and is highly versatile.

There’s so many ways that data can be leaked out of DropBox without even acknowledging the potential for employees to look at your data. Anytime we put something in the cloud, we open ourselves up to our information stored outside of our computers to be open to the world. As a result, it’s important for us to make our own privacy decisions about what goes into these sharing services.

Point in fact, if I want to share actually important and secret data between computers, it’s incumbent upon me to make certain that I secure it. DropBox may be excellent for transferring that data between computers and even if they’re perfectly secure on their servers, I don’t know that my data is secure in-between or secure where I’ve shared it. As a result, I roll my own encryption for secrets placed in cloud-based services.

The personal security ecosystem is full of extremely good programs for protecting your personal data. For example, I use open-source information security software, TrueCrypt for Windows to encrypt secret data that I put into DropBox. Let’s put this into a real-world analogy. It’s a lot like I rent at a local storage facility. I understand there’s a lock on the door to my storage unit; but I want to store tax documents within. I hire the storage company to keep my items within safe from theft; but I understand that their employees, ground security, and so on have keys to my storage container and I also understand that the bad guys have bolt cutters. So what do I do? I put my secret tax documents in a safe.

Using cloud-based services is still a risk assessment versus convenience. For my day-to-day stuff that I throw into DropBox it’s snippets of articles I’m working on, pictures of my cat, links to websites that I’m looking at. Things I don’t even care if the world sees. However, when it comes to developing stories, protected sources, and proprietary information shared with teammates at work I encrypt (i.e. put it into a safe.) It may take a little longer to synchronize and I have to enter a password every time I want to modify or view it. This is a very minor inconvenience to me for greatly increased security on my own devices, on the devices of my coworkers, and even from possible breaches of my DropBox.

The personal cloud apps that I use always come with a risk. I personally accept that risk as possible even when the app I’m using suggests that it’s more private than other cloud-based services. Anytime my information leaves the confines of my computer I evaluate and educate myself on what risk I’m willing to accept.

We should all be so aware of our own personal-cloud security.

About Kyt Dotson

Kyt Dotson is a Senior Editor at SiliconAngle and works to cover beats surrounding DevOps, security, gaming, and cutting edge technology. Before joining SiliconAngle, Kyt worked as a software engineer starting at Motorola in Q&A to eventually settle at Pets911.com where he helped build a vast database for pet adoption and a lost and found system. Kyt is a published author who writes science fiction and fantasy works that incorporate ideas from modern-day technological innovation and explore the outcome of living with those technologies.